Summary: A heap overflow vulnerability in Tableau Server and Tableau Desktop may result in code execution. To exploit this vulnerability on Tableau Server, the attacker must be an authenticated user with the ability to publish views or workbooks. On Tableau Desktop, this vulnerability is exploited when a user opens a malicious file.

Impact: An attacker exploiting this vulnerability may be able to execute arbitrary code or cause a crash.

Vulnerable Versions: The following versions of Tableau Desktop and Tableau Server are vulnerable

Tableau Desktop and Server: 9.1 through 9.1.21Tableau Desktop and Server: 9.2 through 9.1.20Tableau Desktop and Server: 9.3 through 9.3.18Tableau Desktop and Server: 10.0 through 10.0.14Tableau Desktop and Server: 10.1 through 10.1.12Tableau Desktop and Server: 10.2 through 10.2.7Tableau Desktop and Server: 10.3 through 10.3.5Tableau Desktop and Server: 10.4 through 10.4.1Tableau Desktop and Server: 10.5 through 10.5.0

Resolution: The issue can be fixed by upgrading to the following version: